CVE Vulnerabilities

CVE-2004-0989

Published: Mar 01, 2005 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Affected Software

Name Vendor Start Version End Version
Libxml Xmlsoft 1.8.17 (including) 1.8.17 (including)
Libxml2 Xmlsoft 2.5.11 (including) 2.5.11 (including)
Libxml2 Xmlsoft 2.6.6 (including) 2.6.6 (including)
Libxml2 Xmlsoft 2.6.7 (including) 2.6.7 (including)
Libxml2 Xmlsoft 2.6.8 (including) 2.6.8 (including)
Libxml2 Xmlsoft 2.6.9 (including) 2.6.9 (including)
Libxml2 Xmlsoft 2.6.11 (including) 2.6.11 (including)
Libxml2 Xmlsoft 2.6.12 (including) 2.6.12 (including)
Libxml2 Xmlsoft 2.6.13 (including) 2.6.13 (including)
Libxml2 Xmlsoft 2.6.14 (including) 2.6.14 (including)
Command_line_xml_toolkit Xmlstarlet 0.9.1 (including) 0.9.1 (including)
Red Hat Enterprise Linux 3 RedHat libxml2-0:2.5.10-7 *
Red Hat Enterprise Linux 3 RedHat libxml-1:1.8.17-9.2 *
Libxml Ubuntu dapper *
Libxml Ubuntu devel *
Libxml Ubuntu edgy *
Libxml Ubuntu feisty *
Libxml2 Ubuntu dapper *
Libxml2 Ubuntu devel *
Libxml2 Ubuntu edgy *
Libxml2 Ubuntu feisty *

References